Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started
ID: 6dad82ea-2155-5256-86f3-87a7bd2f541a
STIX ID: report--6dad82ea-2155-5256-86f3-87a7bd2f541a
Feed Name: Microsoft Security
Date Published: 2026-03-23
Date Updated: 2026-04-28
Author: Microsoft Defender Security Research Team
Microsoft Defender disrupted a sophisticated, human-operated ransomware campaign targeting a large educational institution, where attackers abused Group Policy Objects to disable protections and deploy ransomware via scheduled tasks and SMB. Defender's predictive shielding and attack disruption prevented GPO-based encryption across ~700 devices, blocked roughly 97% of attempted encryption, and contained the remaining impact.
